Web traffic should be sent to your web filter via a proxy connection. Transparent, or in-line, proxies are not supported. If you have to use one, you can whitelist *.google.com to allow all google.com requests to go through without SSL interception. However, this is an unsupported configuration. For more information, see About transparent proxies.

Transparent proxies

Transparent, or in-line, proxies determine a requested URL by looking at the SSL certificate. In most cases, the domain name associated with the SSL certificate (Common Name) matches the URL being requested. The proxy checks the Common Name against a URL whitelist to decide whether or not the traffic should be allowed. However, many large organizations purchase wildcard SSL certificates that don’t use an explicit URL for the Common Name. For example, Google uses *.google.com as the Common Name for many of the URLs that are required for Chrome devices to work.

The certificate information looks like this:

For the transparent proxy to work, it needs *.google.com to be added to the URL whitelist to allow all traffic to *.google.com. This configuration is not supported because of Chrome security features that are in place, and we recommend that you avoid the use of transparent proxies.